modules/rampart-core/src/main/java/org/apache/rampart/conversation/Util.java - axis-axis2-java-rampart - Git at Google

 /*
  * Copyright 2004,2005 The Apache Software Foundation.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package org.apache.rampart.conversation;

 import org.apache.axiom.om.OMElement;
 import org.apache.axiom.om.util.Base64;
 import org.apache.axis2.util.Loader;
 import org.apache.rahas.RahasConstants;
 import org.apache.rahas.Token;
 import org.apache.rahas.TrustException;
 import org.apache.rampart.RampartException;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.components.crypto.CryptoFactory;
 import org.apache.ws.security.message.token.SecurityContextToken;
 import org.apache.ws.security.processor.EncryptedKeyProcessor;
 import org.w3c.dom.Element;

 import javax.security.auth.callback.CallbackHandler;
 import javax.xml.namespace.QName;
 import java.util.Vector;

 public class Util {

     /**
      * Returns the crypto instance of this configuration. If one is not
      * availabale then it will try to create a <code>Crypto</code> instance
      * using available configuration information and will set it as the
      * <code>Crypto</code> instance of the configuration.
      *
      * @param config
      * @return The crypto instance of this configuration
      * @throws RahasException
      */
     public static Crypto getCryptoInstace(ConversationConfiguration config)
             throws RampartException {
         if (config.getCrypto() != null) {
             return config.getCrypto();
         } else {
             Crypto crypto = null;
             if (config.getCryptoClassName() != null
                 && config.getCryptoProperties() != null) {
                 crypto = CryptoFactory.getInstance(config.getCryptoClassName(),
                                                    config.getCryptoProperties());
             } else if (config.getCryptoPropertiesFile() != null) {
                 if (config.getClassLoader() != null) {
                     crypto = CryptoFactory
                             .getInstance(config.getCryptoPropertiesFile(),
                                          config.getClassLoader());
                 } else {
                     crypto = CryptoFactory.getInstance(config
                             .getCryptoPropertiesFile());
                 }
             } else {
                 throw new RampartException("cannotCrateCryptoInstance");
             }
             config.setCrypto(crypto);
             return crypto;
         }
     }

     public static void processRSTR(OMElement rstr, ConversationConfiguration config)
             throws Exception {
         // Extract the SecurityContextToken

         String ns = null;

         OMElement rstElem =
                 rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
                                                      RahasConstants.IssuanceBindingLocalNames.
                                                              REQUESTED_SECURITY_TOKEN));
         if (rstElem != null) {
             ns = RahasConstants.WST_NS_05_02;
         } else {
             //At this point we certainthe version is the WS-SX version
             rstElem =
                     rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12,
                                                          RahasConstants.IssuanceBindingLocalNames.
                                                                  REQUESTED_SECURITY_TOKEN));
             ns = RahasConstants.WST_NS_05_12;
         }
         Token token = null;
         if (rstElem != null) {
             OMElement sctElem = rstElem.getFirstElement();
             if (sctElem != null) {
                 SecurityContextToken sct = new SecurityContextToken(
                         (Element) sctElem);
                 token = new Token(sct.getIdentifier(), sctElem, rstr
                         .getFirstChildWithName(new QName(ns,
                                                          RahasConstants.IssuanceBindingLocalNames.
                                                                  LIFETIME)));
                 resgisterContext(sct.getIdentifier(), config);
             } else {
                 throw new RampartException("sctMissingInResponse");
             }
         } else {
             throw new TrustException("reqestedSecTokMissing");
         }

         // Process RequestedProofToken and extract the secret
         byte[] secret = null;
         OMElement rpt = rstr.getFirstChildWithName(new QName(ns,
                                                              RahasConstants.LocalNames.
                                                                      REQUESTED_PROOF_TOKEN));
         if (rpt != null) {
             OMElement elem = rpt.getFirstElement();

             if (WSConstants.ENC_KEY_LN.equals(elem.getLocalName())
                 && WSConstants.ENC_NS.equals(elem.getNamespace().getNamespaceURI())) {
                 // Handle the xenc:EncryptedKey case
                 EncryptedKeyProcessor processor = new EncryptedKeyProcessor();
                 processor.handleToken((Element) elem, null, Util
                         .getCryptoInstace(config),
                                       getCallbackHandlerInstance(config), null, new Vector(),
                                       null);
                 secret = processor.getDecryptedBytes();
             } else if (RahasConstants.LocalNames.BINARY_SECRET.equals(elem.getLocalName()) &&
                        RahasConstants.WST_NS_05_02.equals(elem.getNamespace().getNamespaceURI()))
             {
                 // Handle the wst:BinarySecret case
                 secret = Base64.decode(elem.getText());
             } else {
                 throw new TrustException("notSupported", new String[]{"{"
                                                                       + elem.getNamespace().getNamespaceURI() + "}"
                                                                       + elem.getLocalName()});
             }
         } else {
             throw new TrustException("rptMissing");
         }

         // Check for attached ref
         OMElement reqAttElem =
                 rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
                                                      RahasConstants.IssuanceBindingLocalNames.
                                                              REQUESTED_ATTACHED_REFERENCE));
         OMElement reqAttRef = reqAttElem == null ? null : reqAttElem
                 .getFirstElement();

         OMElement reqUnattElem =
                 rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
                                                      RahasConstants.IssuanceBindingLocalNames.
                                                              REQUESTED_UNATTACHED_REFERENCE));
         OMElement reqUnattRef = reqUnattElem == null ? null : reqUnattElem
                 .getFirstElement();

         token.setAttachedReference(reqAttRef);
         token.setUnattachedReference(reqUnattRef);
         token.setSecret(secret);
         config.getTokenStore().add(token);
     }

     private static CallbackHandler getCallbackHandlerInstance(
             ConversationConfiguration config) throws Exception {
         if (config.getPasswordCallbackRef() != null) {
             return config.getPasswordCallbackRef();
         } else if (config.getPasswordCallbackClass() != null) {
             if (config.getClassLoader() != null) {
                 Class clazz = Loader.loadClass(config.getClassLoader(), config
                         .getPasswordCallbackClass());
                 return (CallbackHandler) clazz.newInstance();
             } else {
                 Class clazz = Loader.loadClass(config
                         .getPasswordCallbackClass());
                 return (CallbackHandler) clazz.newInstance();
             }
         } else {
             throw new RampartException("noInfoForCBhandler");
         }
     }

     /**
      * This registers the security context mapping ?e context identifier to
      * the wsa:Action/soapAction or the service address, depending on the scope.
      *
      * @param identifier The security context identifier
      * @param config     The ConversationConfiguration instance
      * @throws RampartException If scope is "operation" and the wsa:Action is not available.
      *                          If scope is "service" and the wsa:To is missing.
      */
     public static void resgisterContext(String identifier, ConversationConfiguration config) throws RampartException {
         config.setContextIdentifier(identifier);

         if (config.getScope().equals(ConversationConfiguration.SCOPE_OPERATION)) {
             String action = config.getMsgCtx().getSoapAction();
             if (action != null) {
                 config.getContextMap().put(action, identifier);
             } else {
                 throw new RampartException("missingWSAAction");
             }
         } else {
             String to = config.getMsgCtx().getTo().getAddress();
             if (to != null) {
                 config.getContextMap().put(to, identifier);
             } else {
                 throw new RampartException("missingWSATo");
             }
         }
         //TODO
         //this.contextMap
     }

 }
	/*
	* Copyright 2004,2005 The Apache Software Foundation.
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package org.apache.rampart.conversation;

	import org.apache.axiom.om.OMElement;
	import org.apache.axiom.om.util.Base64;
	import org.apache.axis2.util.Loader;
	import org.apache.rahas.RahasConstants;
	import org.apache.rahas.Token;
	import org.apache.rahas.TrustException;
	import org.apache.rampart.RampartException;
	import org.apache.ws.security.WSConstants;
	import org.apache.ws.security.components.crypto.Crypto;
	import org.apache.ws.security.components.crypto.CryptoFactory;
	import org.apache.ws.security.message.token.SecurityContextToken;
	import org.apache.ws.security.processor.EncryptedKeyProcessor;
	import org.w3c.dom.Element;

	import javax.security.auth.callback.CallbackHandler;
	import javax.xml.namespace.QName;
	import java.util.Vector;

	public class Util {

	/**
	* Returns the crypto instance of this configuration. If one is not
	* availabale then it will try to create a <code>Crypto</code> instance
	* using available configuration information and will set it as the
	* <code>Crypto</code> instance of the configuration.
	*
	* @param config
	* @return The crypto instance of this configuration
	* @throws RahasException
	*/
	public static Crypto getCryptoInstace(ConversationConfiguration config)
	throws RampartException {
	if (config.getCrypto() != null) {
	return config.getCrypto();
	} else {
	Crypto crypto = null;
	if (config.getCryptoClassName() != null
	&& config.getCryptoProperties() != null) {
	crypto = CryptoFactory.getInstance(config.getCryptoClassName(),
	config.getCryptoProperties());
	} else if (config.getCryptoPropertiesFile() != null) {
	if (config.getClassLoader() != null) {
	crypto = CryptoFactory
	.getInstance(config.getCryptoPropertiesFile(),
	config.getClassLoader());
	} else {
	crypto = CryptoFactory.getInstance(config
	.getCryptoPropertiesFile());
	}
	} else {
	throw new RampartException("cannotCrateCryptoInstance");
	}
	config.setCrypto(crypto);
	return crypto;
	}
	}

	public static void processRSTR(OMElement rstr, ConversationConfiguration config)
	throws Exception {
	// Extract the SecurityContextToken

	String ns = null;

	OMElement rstElem =
	rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
	RahasConstants.IssuanceBindingLocalNames.
	REQUESTED_SECURITY_TOKEN));
	if (rstElem != null) {
	ns = RahasConstants.WST_NS_05_02;
	} else {
	//At this point we certainthe version is the WS-SX version
	rstElem =
	rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12,
	RahasConstants.IssuanceBindingLocalNames.
	REQUESTED_SECURITY_TOKEN));
	ns = RahasConstants.WST_NS_05_12;
	}
	Token token = null;
	if (rstElem != null) {
	OMElement sctElem = rstElem.getFirstElement();
	if (sctElem != null) {
	SecurityContextToken sct = new SecurityContextToken(
	(Element) sctElem);
	token = new Token(sct.getIdentifier(), sctElem, rstr
	.getFirstChildWithName(new QName(ns,
	RahasConstants.IssuanceBindingLocalNames.
	LIFETIME)));
	resgisterContext(sct.getIdentifier(), config);
	} else {
	throw new RampartException("sctMissingInResponse");
	}
	} else {
	throw new TrustException("reqestedSecTokMissing");
	}

	// Process RequestedProofToken and extract the secret
	byte[] secret = null;
	OMElement rpt = rstr.getFirstChildWithName(new QName(ns,
	RahasConstants.LocalNames.
	REQUESTED_PROOF_TOKEN));
	if (rpt != null) {
	OMElement elem = rpt.getFirstElement();

	if (WSConstants.ENC_KEY_LN.equals(elem.getLocalName())
	&& WSConstants.ENC_NS.equals(elem.getNamespace().getNamespaceURI())) {
	// Handle the xenc:EncryptedKey case
	EncryptedKeyProcessor processor = new EncryptedKeyProcessor();
	processor.handleToken((Element) elem, null, Util
	.getCryptoInstace(config),
	getCallbackHandlerInstance(config), null, new Vector(),
	null);
	secret = processor.getDecryptedBytes();
	} else if (RahasConstants.LocalNames.BINARY_SECRET.equals(elem.getLocalName()) &&
	RahasConstants.WST_NS_05_02.equals(elem.getNamespace().getNamespaceURI()))
	{
	// Handle the wst:BinarySecret case
	secret = Base64.decode(elem.getText());
	} else {
	throw new TrustException("notSupported", new String[]{"{"
	+ elem.getNamespace().getNamespaceURI() + "}"
	+ elem.getLocalName()});
	}
	} else {
	throw new TrustException("rptMissing");
	}

	// Check for attached ref
	OMElement reqAttElem =
	rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
	RahasConstants.IssuanceBindingLocalNames.
	REQUESTED_ATTACHED_REFERENCE));
	OMElement reqAttRef = reqAttElem == null ? null : reqAttElem
	.getFirstElement();

	OMElement reqUnattElem =
	rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
	RahasConstants.IssuanceBindingLocalNames.
	REQUESTED_UNATTACHED_REFERENCE));
	OMElement reqUnattRef = reqUnattElem == null ? null : reqUnattElem
	.getFirstElement();

	token.setAttachedReference(reqAttRef);
	token.setUnattachedReference(reqUnattRef);
	token.setSecret(secret);
	config.getTokenStore().add(token);
	}

	private static CallbackHandler getCallbackHandlerInstance(
	ConversationConfiguration config) throws Exception {
	if (config.getPasswordCallbackRef() != null) {
	return config.getPasswordCallbackRef();
	} else if (config.getPasswordCallbackClass() != null) {
	if (config.getClassLoader() != null) {
	Class clazz = Loader.loadClass(config.getClassLoader(), config
	.getPasswordCallbackClass());
	return (CallbackHandler) clazz.newInstance();
	} else {
	Class clazz = Loader.loadClass(config
	.getPasswordCallbackClass());
	return (CallbackHandler) clazz.newInstance();
	}
	} else {
	throw new RampartException("noInfoForCBhandler");
	}
	}

	/**
	* This registers the security context mapping ?e context identifier to
	* the wsa:Action/soapAction or the service address, depending on the scope.
	*
	* @param identifier The security context identifier
	* @param config The ConversationConfiguration instance
	* @throws RampartException If scope is "operation" and the wsa:Action is not available.
	* If scope is "service" and the wsa:To is missing.
	*/
	public static void resgisterContext(String identifier, ConversationConfiguration config) throws RampartException {
	config.setContextIdentifier(identifier);

	if (config.getScope().equals(ConversationConfiguration.SCOPE_OPERATION)) {
	String action = config.getMsgCtx().getSoapAction();
	if (action != null) {
	config.getContextMap().put(action, identifier);
	} else {
	throw new RampartException("missingWSAAction");
	}
	} else {
	String to = config.getMsgCtx().getTo().getAddress();
	if (to != null) {
	config.getContextMap().put(to, identifier);
	} else {
	throw new RampartException("missingWSATo");
	}
	}
	//TODO
	//this.contextMap
	}

	}